Aggregator

原域名已变更且将在2024年彻底废弃，请访问 https://govuln.com/news/ 查看新的RSS订阅

A new wave of cyberattacks is targeting organizations that inadvertently expose Java Debug Wire Protocol (JDWP) servers to the internet, with attackers leveraging this overlooked entry point to deploy sophisticated cryptomining malware. JDWP, a standard feature in the Java platform, is designed to facilitate remote debugging by allowing developers to inspect live applications. However, when […]

The post Hackers Exploiting Java Debug Wire Protocol Servers in Wild to Deploy Cryptomining Payload appeared first on Cyber Security News.

A vulnerability, which was classified as problematic, has been found in modelcontextprotocol python-sdk up to 1.9.3. This issue affects some unknown processing. The manipulation leads to uncaught exception. The identification of this vulnerability is CVE-2025-53366. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in jokob-sk NetAlertX up to 25.6.6. Affected is an unknown function of the file front/index.php. The manipulation leads to incorrect comparison. This vulnerability is traded as CVE-2025-48952. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Tunnelblick up to 6.x. It has been declared as critical. This vulnerability affects unknown code of the file Tunnelblick.app of the component Uninstall. The manipulation leads to incomplete cleanup. This vulnerability was named CVE-2025-43711. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Netmake ScriptCase up to 9.12.006 (23). It has been rated as problematic. This issue affects some unknown processing of the file login.php.is of the component Production Environment Extension. The manipulation leads to incorrect provision of specified functionality. The identification of this vulnerability is CVE-2025-47227. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Quest KACE Systems Management Appliance up to 14.0.96/14.1.18 and classified as critical. This vulnerability affects unknown code of the component Agent. The manipulation leads to incorrect authorization. This vulnerability was named CVE-2025-26850. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in stepancheg protobuf up to 3.7.1 and classified as problematic. This issue affects the function protobuf::coded_input_stream. The manipulation leads to uncontrolled recursion. The identification of this vulnerability is CVE-2025-53605. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in pimeys web-push Crate up to 0.10.2 on Rust. It has been classified as problematic. Affected is an unknown function. The manipulation leads to improper handling of length parameter inconsistency. This vulnerability is traded as CVE-2025-53604. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Dradis up to 4.16.0. It has been classified as critical. This affects an unknown part of the component Image Parser. The manipulation leads to authentication bypass by capture-replay. This vulnerability is uniquely identified as CVE-2023-50786. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability classified as critical was found in Netmake ScriptCase up to 9.12.006 (23). Affected by this vulnerability is an unknown functionality of the component Production Environment Extension. The manipulation leads to os command injection. This vulnerability is known as CVE-2025-47228. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Apple Safari up to 10.0.2. This vulnerability affects the function Frame::setDocument of the component WebKit. The manipulation leads to information disclosure. This vulnerability was named CVE-2017-2364. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in PuTTY 0.48/0.49/0.53. This affects an unknown part of the component Large Value Handler. The manipulation leads to improper input validation. This vulnerability is uniquely identified as CVE-2002-1359. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

Currently trending CVE - Hype Score: 14

Currently trending CVE - Hype Score: 14

Currently trending CVE - Hype Score: 6 - In Tenable Nessus versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege.

Currently trending CVE - Hype Score: 23 - An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion. This leads to full compromise of the device

Currently trending CVE - Hype Score: 12 - A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, ...

Currently trending CVE - Hype Score: 11 - Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

Currently trending CVE - Hype Score: 11 - Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.